From f26b418e83b0349824606bc8a9859706581d1944 Mon Sep 17 00:00:00 2001 From: Viktor Liu Date: Fri, 3 Jan 2025 16:02:33 +0100 Subject: [PATCH] Allow to set firewall log level --- client/firewall/iptables/manager_linux.go | 5 +++++ client/firewall/manager/firewall.go | 2 ++ client/firewall/nftables/manager_linux.go | 5 +++++ client/firewall/uspfilter/log/log.go | 2 ++ client/firewall/uspfilter/uspfilter.go | 7 +++++++ client/internal/engine.go | 5 +++++ client/server/debug.go | 8 ++++++++ 7 files changed, 34 insertions(+) diff --git a/client/firewall/iptables/manager_linux.go b/client/firewall/iptables/manager_linux.go index da8e2c08f..8f7084bca 100644 --- a/client/firewall/iptables/manager_linux.go +++ b/client/firewall/iptables/manager_linux.go @@ -215,6 +215,11 @@ func (m *Manager) AllowNetbird() error { // Flush doesn't need to be implemented for this manager func (m *Manager) Flush() error { return nil } +// SetLogLevel sets the log level for the firewall manager +func (m *Manager) SetLogLevel(log.Level) { + // not supported +} + func getConntrackEstablished() []string { return []string{"-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT"} } diff --git a/client/firewall/manager/firewall.go b/client/firewall/manager/firewall.go index 9391b47ec..247e55686 100644 --- a/client/firewall/manager/firewall.go +++ b/client/firewall/manager/firewall.go @@ -100,6 +100,8 @@ type Manager interface { // Flush the changes to firewall controller Flush() error + + SetLogLevel(log.Level) } func GenKey(format string, pair RouterPair) string { diff --git a/client/firewall/nftables/manager_linux.go b/client/firewall/nftables/manager_linux.go index 8e1aa0d80..76390d30a 100644 --- a/client/firewall/nftables/manager_linux.go +++ b/client/firewall/nftables/manager_linux.go 
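Review bot: In client/firewall/iptables/manager_linux.go the doc comment says `SetLogLevel` "sets the log level for the firewall manager", but the body discards its unnamed argument. A caller who raises verbosity to debug packet filtering on this backend gets no effect and no indication of that. The comment should state the real contract, for example `// SetLogLevel is a no-op: this manager does not support a per-manager log level.` The same comment/body mismatch is in the nftables hunk (client/firewall/nftables/manager_linux.go).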
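Review bot: The new `SetLogLevel(log.Level)` method of the `Manager` interface in client/firewall/manager/firewall.go has no doc comment, while its neighbour `Flush` has one. Two of the three implementations in this patch ignore the call, so the interface is the place to say that: `// SetLogLevel sets the log level of the firewall manager; implementations that do not support it ignore the call.` The interface declaration starts outside the hunk, so other implementers that would also need the new method (mocks, other platforms) cannot be checked from here.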
@@ -312,6 +312,11 @@ func (m *Manager) cleanupNetbirdTables() error { return nil } +// SetLogLevel sets the log level for the firewall manager +func (m *Manager) SetLogLevel(log.Level) { + // not supported +} + // Flush rule/chain/set operations from the buffer // // Method also get all rules after flush and refreshes handle values in the rulesets diff --git a/client/firewall/uspfilter/log/log.go b/client/firewall/uspfilter/log/log.go index e8e91877c..984b6ad08 100644 --- a/client/firewall/uspfilter/log/log.go +++ b/client/firewall/uspfilter/log/log.go @@ -81,6 +81,8 @@ func NewFromLogrus(logrusLogger *log.Logger) *Logger { func (l *Logger) SetLevel(level Level) { l.level.Store(uint32(level)) + + log.Debugf("Set uspfilter logger loglevel to %v", levelStrings[level]) } func (l *Logger) formatMessage(buf *[]byte, level Level, format string, args ...interface{}) { diff --git a/client/firewall/uspfilter/uspfilter.go b/client/firewall/uspfilter/uspfilter.go index 49af28547..96de44ee2 100644 --- a/client/firewall/uspfilter/uspfilter.go +++ b/client/firewall/uspfilter/uspfilter.go @@ -858,3 +858,10 @@ func (m *Manager) RemovePacketHook(hookID string) error { } return fmt.Errorf("hook with given id not found") } + +// SetLogLevel sets the log level for the firewall manager +func (m *Manager) SetLogLevel(level log.Level) { + if m.logger != nil { + m.logger.SetLevel(nblog.Level(level)) + } +} diff --git a/client/internal/engine.go b/client/internal/engine.go index 7cc9f2f2b..8a7596f0c 100644 --- a/client/internal/engine.go +++ b/client/internal/engine.go @@ -1394,6 +1394,11 @@ func (e *Engine) GetRouteManager() routemanager.Manager { return e.routeManager } +// GetFirewallManager returns the firewall manager +func (e *Engine) GetFirewallManager() manager.Manager { + return e.firewall +} + func findIPFromInterfaceName(ifaceName string) (net.IP, error) { iface, err := net.InterfaceByName(ifaceName) if err != nil { 
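Review bot: In `Logger.SetLevel` (client/firewall/uspfilter/log/log.go) the added `levelStrings[level]` lookup uses `level` unchecked, after that same value has already been stored as the active level. The definition of `levelStrings` is outside the hunk: if it is a slice or array, an out-of-range level panics on this line, and if it is a map the message prints an empty name while the logger keeps the bogus level. A range check against the highest defined level before `l.level.Store(...)` would cover both cases. The function is also missing a doc comment saying which values are accepted.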
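Review bot: `nblog.Level(level)` in the new `Manager.SetLogLevel` (client/firewall/uspfilter/uspfilter.go) converts between two separately defined level types by raw numeric value. That is only correct while both enumerations keep the same order and numbering, and nothing on this page shows that invariant. If the two diverge, the firewall logger runs at a different verbosity than the operator asked for, which matters when the logs are relied on during an investigation. An explicit `switch` mapping would remove the dependency; at minimum add a comment such as `// nblog.Level values mirror log.Level; keep the two in sync`.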
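Review bot: `GetFirewallManager` in client/internal/engine.go hands the whole `manager.Manager` to any caller, although the only consumer in this patch (the debug RPC handler) needs just the log-level setter. The same interface carries rule-changing methods such as `Flush`, so a narrower engine method keeps the debug server from holding a handle that can alter filtering. The sketch below uses the `log.Level` type that the `Manager` interface already takes. Whether `e.firewall` must be read under one of the engine's locks is not visible in this hunk and should be checked.

```go
// SetFirewallLogLevel forwards level to the firewall manager, if one is configured.
func (e *Engine) SetFirewallLogLevel(level log.Level) {
	if e.firewall != nil {
		e.firewall.SetLogLevel(level)
	}
}
```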
diff --git a/client/server/debug.go b/client/server/debug.go index 3c4967b4e..6bcf788d1 100644 --- a/client/server/debug.go +++ b/client/server/debug.go @@ -488,7 +488,15 @@ func (s *Server) SetLogLevel(_ context.Context, req *proto.SetLogLevelRequest) ( } log.SetLevel(level) + + if s.connectClient != nil && + s.connectClient.Engine() != nil && + s.connectClient.Engine().GetFirewallManager() != nil { + s.connectClient.Engine().GetFirewallManager().SetLogLevel(level) + } + log.Infof("Log level set to %s", level.String()) + return &proto.SetLogLevelResponse{}, nil }
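Review bot: The nil-check chain added to `Server.SetLogLevel` in client/server/debug.go calls `s.connectClient.Engine()` three times and `GetFirewallManager()` twice, so the values that were checked are not necessarily the values that are used. If the engine can be replaced or torn down between those calls (the implementation of `Engine()` is not on this page), the final call can dereference nil and panic inside the daemon's RPC handler. Capturing each result in a local once closes that window and reads more simply. The function starts outside the hunk, so whether `s.connectClient` is read under the server's mutex cannot be confirmed here.

```go
// … unchanged: level parsing and log.SetLevel(level) …
if client := s.connectClient; client != nil {
	if engine := client.Engine(); engine != nil {
		if fw := engine.GetFirewallManager(); fw != nil {
			fw.SetLogLevel(level)
		}
	}
}
// … unchanged: log.Infof and return …
```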